In an attempt to dispel rumors that its software is being used as a backdoor into users' computers, Kaspersky Labs said today it would subject its security products to an independent third-party source code review.

The source code audit will be part of Kaspersky's larger plan named the Global Transparency Initiative that will also include an audit of its infrastructure and product development cycle.

Kaspersky plans to hire a trusted partner to carry out the security audit and offer results to governments and organizations that need reassurance that Kaspersky products aren't spying on users and allowing the FSB to search and collect sensitive data from users' computers, as the US government has alleged in the past few months.

Code review process to begin next year

The code review process will begin sometime in the first quarter of 2018. The security vendor is currently looking for a trusted third party to review the source code.

Kaspersky also plans to open three "transparency centers" in Europe, Asia, and the US, where companies and governments will be able to access the source code review results in a safe environment. Kaspersky plans to open the first transparency center next year, while the third will open by 2020.

In addition, the company has increased the maximum bug bounty reward to a whopping $100,000 for vulnerabilities discovered in main Kaspersky products.

Kaspersky wanted to open software source since July

Eugene Kaspersky has always denied the US government's accusations and has previously offered to provide the US government access to the company's source code back in July.

It is still unclear if Kaspersky has allowed the FSB to use its product to search for government data on users' computers, or if the FSB hijacked the company's infrastructure without its knowledge.

A report from last week claims the FSB or Kaspersky might have used a technique called "silent signatures" to search data on users' computers. This technique is supported by most modern antivirus products and allows the AV maker to search for malware-related "strings" in users' files. The theory is that the FSB or Kaspersky employees might have used silent signatures to search for NSA-related files instead of malware.

"Internet balkanization benefits no one except cybercriminals," Kaspersky said today regarding the US government's recent accusations. "Cybersecurity has no borders, but attempts to introduce national boundaries in cyberspace is counterproductive and must be stopped. We need to reestablish trust in relationships between companies, governments and citizens."

Catalin Cimpanu is the Security News Editor for Bleeping Computer, where he covers topics such as malware, breaches, vulnerabilities, exploits, hacking news, the Dark Web, and a few more. Catalin previously covered Web & Security news for Softpedia between May 2015 and October 2016. The easiest way to reach Catalin is via his XMPP/Jabber address at campuscodi@xmpp.is. For other contact methods, please visit Catalin's author page.

You hit the nail on the head. The NSA does the exact same thing with all the AV vendors, find a backdoor and use it.

"So it comes as little surprise that Avast was targeted by the US National Security Agency, a revelation which came from one of the documents leaked by whistleblower Edward Snowden. In an effort known as "Project Camberdada," the US intelligence agency, with help from its British counterpart GCHQ, aimed to subvert and reverse engineer antivirus and security software to find vulnerabilities that would allow the agencies "the highest privileges with just one shot," according to The Intercept, which first reported the story."

"It makes no sense to try so much for those who still will not believe him, since they themselves are doing the same thing and even more, in which they accuse Kaspersky."

Interesting, you assume we do it but Kaspersky doesn't? Or are you saying we should let Kaspersky do it because we do? I seriously doubt Russia allows US products on their computers. If I have created a false dichotomy please explain the alternative.

The entire subject area is a minefield. Better attach your hero and villain labels with Velcro.

While I generally agree with Kaspersky Lab's response to allegations against it, and am pleased with the extraordinary code and infrastructure 3rd party review initiative, I don't think that will provide a solution to any of the deeper problems: those inherent in the vast scale, and multi-dimensionally interconnected digital world.

Where I really have to part ways with Kaspersky Lab is with their quote: "...We need to reestablish trust in relationships between companies, governments and citizens." That "trust" never existed; so will be pretty tough to "reestablish". The remark smacks of the "Age of Aquarius" idea that the internet would transform the world into a global village; where "peace will rule the planets, and love will rule the stars".

Thanks. "Balkanization" might be better applied to what the Internet has done, than to something done to the Internet.

Most of our analogies for what the internet is, fail because there has never in human experience been anything much like it. It eludes a description which is both comprehensive and comprehensible, let alone concise. If we can't agree on what it is, we stand little chance of agreeing on what it ought to be; and no chance of agreement on its management.